File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Difference between Cookies and Session in servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Difference between Cookies and Session in servlets " Watch "Difference between Cookies and Session in servlets " New topic
Author

Difference between Cookies and Session in servlets

Sumit Neets
Greenhorn

Joined: Aug 24, 2009
Posts: 3
Hi,

I am preparing for SCWCD and reading the HFSJ book.

I am on topic of Session managament, But i got confused between the cookies and session.

Could anyone please explain me the differnce between these 2 in detail ?


Thanks,
Sumit
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
Cookies are little text files that are stored on the client side. Their sole purpose is to send subsequent information to the server.

In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).

Upon session startup, the server tells the client to create a cookie and store a unique ID in it, that the client has to send with every request that goes to the server. The server uses this ID to identify the session the request belongs to.

So, to sum it all up, "Cookies are a way to enable session tracking"


JDBCSupport - An easy to use, light-weight JDBC framework -
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

cookie is created on server and stored on client

Sumit Neets
Greenhorn

Joined: Aug 24, 2009
Posts: 3
Thanks a lot .....
Hong Anderson
Ranch Hand

Joined: Jul 05, 2005
Posts: 1936
seetharaman venkatasamy wrote:
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

Using hidden fields is a way to pass state to another page, but not a way to implement session tracking.


SCJA 1.0, SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCJP 5.0, SCEA 5, SCBCD 5; OCUP - Fundamental, Intermediate and Advanced; IBM Certified Solution Designer - OOAD, vUML 2; SpringSource Certified Spring Professional
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
Kengkaj Sathianpantarit wrote:
seetharaman venkatasamy wrote:
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

Using hidden fields is a way to pass state to another page, but not a way to implement session tracking.


I think there is a way to embed the session id in a hidden field in a login form for instance.
Hong Anderson
Ranch Hand

Joined: Jul 05, 2005
Posts: 1936
Sebastian Janisch wrote:
Kengkaj Sathianpantarit wrote:
seetharaman venkatasamy wrote:
Sebastian Janisch wrote:
In correlation with sessions, cookies are one way of achieving session tracking (the other is url rewriting).


another way is hidden field .

Using hidden fields is a way to pass state to another page, but not a way to implement session tracking.


I think there is a way to embed the session id in a hidden field in a login form for instance.

It is possible but it's not a standard way. We have to implement that in both server-side (like set session id to a request attribute) and client-side (read session id and set to a hidden field, and the client also needs to pass the session id to every link). Furthermore, we have to pass that session id as a hidden field across all pages.
prashant k. gupta
Ranch Hand

Joined: May 15, 2008
Posts: 62
Upon session startup, the server tells the client to create a cookie and store a unique ID in it, that the client has to send with every request that goes to the server. The server uses this ID to identify the session the request belongs to.



I am not sure whether client used to create session. i guess server will create session and attach sessionId to the response which can be send by client while making further request.

Correct me if i am wrong.
Hong Anderson
Ranch Hand

Joined: Jul 05, 2005
Posts: 1936
The server creates session, the client creates a cookie which contains the session id.
priya rishi
Ranch Hand

Joined: Oct 26, 2008
Posts: 119
Kengkaj Sathianpantarit wrote:
The server creates session, the client creates a cookie which contains the session id.



I dont think , the client creates a cookie.

Server creates the cookie (name , value) pair.


sends the cookie in response

and then the client stores it.

From then on, everytime client sends the request to this web server , cookie is sent with the request (request header), from which the server identifies the user.(This happens until the cookie expires or the user deletes the cookie)

Correct me , if i am wrong.


SCJP 5 , SCWCD 5
Hong Anderson
Ranch Hand

Joined: Jul 05, 2005
Posts: 1936
I'm sorry, you're right. The server creates and sends cookie to the client, and the client stores it and sends to the server.
Sumit Neets
Greenhorn

Joined: Aug 24, 2009
Posts: 3
It means Cookie is one type of establishing session and it is part of session.

Session can be created with the 2 methods :--

(1) Through Cookies.
(2) Through URLrewriting.

For Cookie method client also have to enable cookies on internet explorer--> Tools --> Privacy.


Please correct me if i am wrong.

Thanks a lot to all of you.......
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Difference between Cookies and Session in servlets